redis-actionpack-json 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +15 -0
- data/.travis.yml +7 -0
- data/CHANGELOG +450 -0
- data/README.md +23 -0
- data/redis-actionpack-json/.gitignore +4 -0
- data/redis-actionpack-json/Gemfile +6 -0
- data/redis-actionpack-json/MIT-LICENSE +20 -0
- data/redis-actionpack-json/Rakefile +8 -0
- data/redis-actionpack-json/lib/action_dispatch/middleware/session/redis_store_json.rb +24 -0
- data/redis-actionpack-json/lib/redis-actionpack-json.rb +4 -0
- data/redis-actionpack-json/lib/redis/actionpack/version.rb +5 -0
- data/redis-actionpack-json/redis-actionpack-json.gemspec +32 -0
- data/redis-actionpack-json/test/dummy/.gitignore +1 -0
- data/redis-actionpack-json/test/dummy/Rakefile +7 -0
- data/redis-actionpack-json/test/dummy/app/controllers/test_controller.rb +37 -0
- data/redis-actionpack-json/test/dummy/config.ru +4 -0
- data/redis-actionpack-json/test/dummy/config/application.rb +29 -0
- data/redis-actionpack-json/test/dummy/config/boot.rb +10 -0
- data/redis-actionpack-json/test/dummy/config/environment.rb +5 -0
- data/redis-actionpack-json/test/dummy/config/initializers/secret_token.rb +7 -0
- data/redis-actionpack-json/test/dummy/config/initializers/session_store.rb +11 -0
- data/redis-actionpack-json/test/dummy/config/routes.rb +3 -0
- data/redis-actionpack-json/test/dummy/script/rails +6 -0
- data/redis-actionpack-json/test/fixtures/session_autoload_test/session_autoload_test/foo.rb +10 -0
- data/redis-actionpack-json/test/integration/redis_store_integration_test.rb +130 -0
- data/redis-actionpack-json/test/integration/redis_store_json_integration_test.rb +130 -0
- data/redis-actionpack-json/test/redis/actionpack/version_test.rb +7 -0
- data/redis-actionpack-json/test/test_helper.rb +23 -0
- data/redis-rack-json/.gitignore +5 -0
- data/redis-rack-json/Gemfile +5 -0
- data/redis-rack-json/MIT-LICENSE +20 -0
- data/redis-rack-json/Rakefile +8 -0
- data/redis-rack-json/lib/rack/session/redis.rb +69 -0
- data/redis-rack-json/lib/redis-rack-json.rb +3 -0
- data/redis-rack-json/lib/redis/rack/version.rb +6 -0
- data/redis-rack-json/redis-rack-json.gemspec +29 -0
- data/redis-rack-json/test/rack/session/redis_test.rb +289 -0
- data/redis-rack-json/test/redis/rack/version_test.rb +7 -0
- data/redis-rack-json/test/test_helper.rb +7 -0
- data/redis-store-json/Gemfile +4 -0
- data/redis-store-json/MIT-LICENSE +20 -0
- data/redis-store-json/Rakefile +7 -0
- data/redis-store-json/lib/redis-store-json.rb +11 -0
- data/redis-store-json/lib/redis/distributed_store.rb +46 -0
- data/redis-store-json/lib/redis/factory.rb +41 -0
- data/redis-store-json/lib/redis/store.rb +47 -0
- data/redis-store-json/lib/redis/store/interface.rb +21 -0
- data/redis-store-json/lib/redis/store/namespace.rb +66 -0
- data/redis-store-json/lib/redis/store/strategy.rb +60 -0
- data/redis-store-json/lib/redis/store/strategy/json.rb +49 -0
- data/redis-store-json/lib/redis/store/strategy/json_session.rb +67 -0
- data/redis-store-json/lib/redis/store/strategy/marshal.rb +16 -0
- data/redis-store-json/lib/redis/store/strategy/yaml.rb +16 -0
- data/redis-store-json/lib/redis/store/ttl.rb +37 -0
- data/redis-store-json/lib/redis/store/version.rb +5 -0
- data/redis-store-json/lib/tasks/redis.tasks.rb +167 -0
- data/redis-store-json/redis-store-json.gemspec +29 -0
- data/redis-store-json/test/config/node-one.conf +46 -0
- data/redis-store-json/test/config/node-two.conf +46 -0
- data/redis-store-json/test/config/redis.conf +46 -0
- data/redis-store-json/test/redis/distributed_store_test.rb +53 -0
- data/redis-store-json/test/redis/factory_test.rb +120 -0
- data/redis-store-json/test/redis/store/interface_test.rb +27 -0
- data/redis-store-json/test/redis/store/namespace_test.rb +103 -0
- data/redis-store-json/test/redis/store/strategy/json_session_test.rb +160 -0
- data/redis-store-json/test/redis/store/strategy/json_test.rb +108 -0
- data/redis-store-json/test/redis/store/strategy/marshal_test.rb +121 -0
- data/redis-store-json/test/redis/store/strategy/yaml_test.rb +105 -0
- data/redis-store-json/test/redis/store/ttl_test.rb +107 -0
- data/redis-store-json/test/redis/store/version_test.rb +7 -0
- data/redis-store-json/test/redis/store_test.rb +45 -0
- data/redis-store-json/test/test_helper.rb +22 -0
- metadata +279 -0
data/README.md
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# Rails 4 Redis session store with JSON serialization
|
2
|
+
|
3
|
+
Require store and actionpack
|
4
|
+
|
5
|
+
```
|
6
|
+
gem 'redis-actionpack-json', '~> 4.0.0'
|
7
|
+
gem 'redis-rack', '~> 1.5.2'
|
8
|
+
gem 'redis-store', '~> 3.0.0'
|
9
|
+
```
|
10
|
+
|
11
|
+
Configure the session
|
12
|
+
|
13
|
+
```
|
14
|
+
MyApplication.config.session_store :redis_store,
|
15
|
+
:key => '_session_key',
|
16
|
+
:key_prefix => 'key_prefix_',
|
17
|
+
:strategy => :json_session,
|
18
|
+
:domain => :all,
|
19
|
+
:server => {
|
20
|
+
:host => :localhost,
|
21
|
+
:port => 6379
|
22
|
+
}
|
23
|
+
```
|
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 - 2011 Luca Guidi
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'redis-store-json'
|
2
|
+
require 'redis-rack-json'
|
3
|
+
require 'action_dispatch/middleware/session/abstract_store'
|
4
|
+
|
5
|
+
module ActionDispatch
|
6
|
+
module Session
|
7
|
+
class RedisStoreJson < Rack::Session::Redis
|
8
|
+
include Compatibility
|
9
|
+
include StaleSessionCheck
|
10
|
+
def initialize(app, options = {})
|
11
|
+
options = options.dup
|
12
|
+
options[:redis_server] ||= options[:servers] if options[:servers].present?
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
16
|
+
private
|
17
|
+
|
18
|
+
def set_cookie(env, session_id, cookie)
|
19
|
+
request = ActionDispatch::Request.new(env)
|
20
|
+
request.cookie_jar[key] = cookie
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
$:.push File.expand_path("../lib", __FILE__)
|
3
|
+
require "redis/actionpack/version"
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = 'redis-actionpack-json'
|
7
|
+
s.version = Redis::ActionPack::VERSION
|
8
|
+
s.authors = ["Nathan Tsoi", "Luca Guidi", "Matt Horan"]
|
9
|
+
s.email = ["nathan@vertile.com"]
|
10
|
+
s.homepage = "http://github.com/nathantsoi/redis-store-json"
|
11
|
+
s.summary = "Rails 4 Redis session store for ActionPack with JSON serialization"
|
12
|
+
s.description = "Rails 4 Redis session store for ActionPack with JSON serialization"
|
13
|
+
|
14
|
+
s.rubyforge_project = "redis-actionpack-json"
|
15
|
+
|
16
|
+
s.files = `git ls-files`.split("\n")
|
17
|
+
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
18
|
+
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
19
|
+
s.require_paths = ["lib"]
|
20
|
+
|
21
|
+
s.add_runtime_dependency 'redis-store-json', '~> 3.0.0'
|
22
|
+
s.add_runtime_dependency 'redis-rack-json', '~> 1.5.2'
|
23
|
+
s.add_runtime_dependency 'actionpack', '~> 4.0.0.rc1'
|
24
|
+
|
25
|
+
s.add_development_dependency 'rake', '~> 10'
|
26
|
+
s.add_development_dependency 'bundler', '~> 1.2'
|
27
|
+
s.add_development_dependency 'mocha', '~> 0.13.0'
|
28
|
+
s.add_development_dependency 'minitest', '~> 4.3.1'
|
29
|
+
s.add_development_dependency 'tzinfo'
|
30
|
+
s.add_development_dependency 'mini_specunit'
|
31
|
+
s.add_development_dependency 'mini_backtrace'
|
32
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
log/*
|
@@ -0,0 +1,7 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
3
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
4
|
+
|
5
|
+
require File.expand_path('../config/application', __FILE__)
|
6
|
+
|
7
|
+
Dummy::Application.load_tasks
|
@@ -0,0 +1,37 @@
|
|
1
|
+
class TestController < ActionController::Base
|
2
|
+
def no_session_access
|
3
|
+
head :ok
|
4
|
+
end
|
5
|
+
|
6
|
+
def set_session_value
|
7
|
+
session[:foo] = "bar"
|
8
|
+
head :ok
|
9
|
+
end
|
10
|
+
|
11
|
+
def set_session_value_with_expiry
|
12
|
+
request.session_options[:expire_after] = 1.second
|
13
|
+
set_session_value
|
14
|
+
end
|
15
|
+
|
16
|
+
def set_serialized_session_value
|
17
|
+
session[:foo] = SessionAutoloadTest::Foo.new
|
18
|
+
head :ok
|
19
|
+
end
|
20
|
+
|
21
|
+
def get_session_value
|
22
|
+
render :text => "foo: #{session[:foo].inspect}"
|
23
|
+
end
|
24
|
+
|
25
|
+
def get_session_id
|
26
|
+
render :text => "#{request.session_options[:id]}"
|
27
|
+
end
|
28
|
+
|
29
|
+
def call_reset_session
|
30
|
+
session[:bar]
|
31
|
+
reset_session
|
32
|
+
session[:bar] = "baz"
|
33
|
+
head :ok
|
34
|
+
end
|
35
|
+
|
36
|
+
def rescue_action(e) raise end
|
37
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require "action_controller/railtie"
|
4
|
+
|
5
|
+
Bundler.require
|
6
|
+
|
7
|
+
module Dummy
|
8
|
+
class Application < Rails::Application
|
9
|
+
# Disable class caching for session auto-load test
|
10
|
+
config.cache_classes = false
|
11
|
+
|
12
|
+
# Log error messages when you accidentally call methods on nil
|
13
|
+
config.whiny_nils = true
|
14
|
+
|
15
|
+
# Show full error reports and disable caching
|
16
|
+
config.consider_all_requests_local = true
|
17
|
+
config.action_controller.perform_caching = false
|
18
|
+
|
19
|
+
# Raise exceptions instead of rendering exception templates
|
20
|
+
config.action_dispatch.show_exceptions = false
|
21
|
+
|
22
|
+
# Disable request forgery protection in test environment
|
23
|
+
config.action_controller.allow_forgery_protection = false
|
24
|
+
|
25
|
+
# Print deprecation notices to the stderr
|
26
|
+
config.active_support.deprecation = :stderr
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Your secret key for verifying the integrity of signed cookies.
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
5
|
+
# Make sure the secret is at least 30 characters and all random,
|
6
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
7
|
+
Dummy::Application.config.secret_token = 'a7d2ff143cdb3d1f9470a3ce2df7bb220a9c4498cb5c4a35150705de6719114b12ab7512a9618a2d3c25f8d6e62ab22c042445ed856ff674f4ee2faabd9d2041'
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
Dummy::Application.config.session_store :redis_store,
|
4
|
+
:key => '_session_id',
|
5
|
+
:servers => ["redis://127.0.0.1:6380/1/theplaylist",
|
6
|
+
"redis://127.0.0.1:6381/1/theplaylist"]
|
7
|
+
|
8
|
+
# Use the database for sessions instead of the cookie-based default,
|
9
|
+
# which shouldn't be used to store highly confidential information
|
10
|
+
# (create the session table with "rails generate session_migration")
|
11
|
+
# Dummy::Application.config.session_store :active_record_store
|
@@ -0,0 +1,6 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
+
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
6
|
+
require 'rails/commands'
|
@@ -0,0 +1,130 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
|
4
|
+
it "reads the data" do
|
5
|
+
get '/set_session_value'
|
6
|
+
response.must_be :success?
|
7
|
+
cookies['_session_id'].wont_be_nil
|
8
|
+
|
9
|
+
get '/get_session_value'
|
10
|
+
response.must_be :success?
|
11
|
+
response.body.must_equal 'foo: "bar"'
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should get nil session value" do
|
15
|
+
get '/get_session_value'
|
16
|
+
response.must_be :success?
|
17
|
+
response.body.must_equal 'foo: nil'
|
18
|
+
end
|
19
|
+
|
20
|
+
it "should delete the data after session reset" do
|
21
|
+
get '/set_session_value'
|
22
|
+
response.must_be :success?
|
23
|
+
cookies['_session_id'].wont_be_nil
|
24
|
+
session_cookie = cookies.send(:hash_for)['_session_id']
|
25
|
+
|
26
|
+
get '/call_reset_session'
|
27
|
+
response.must_be :success?
|
28
|
+
headers['Set-Cookie'].wont_equal []
|
29
|
+
|
30
|
+
cookies << session_cookie
|
31
|
+
|
32
|
+
get '/get_session_value'
|
33
|
+
response.must_be :success?
|
34
|
+
response.body.must_equal 'foo: nil'
|
35
|
+
end
|
36
|
+
|
37
|
+
it "should not send cookies on write, not read" do
|
38
|
+
get '/get_session_value'
|
39
|
+
response.must_be :success?
|
40
|
+
response.body.must_equal 'foo: nil'
|
41
|
+
cookies['_session_id'].must_be_nil
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should set session value after session reset" do
|
45
|
+
get '/set_session_value'
|
46
|
+
response.must_be :success?
|
47
|
+
cookies['_session_id'].wont_be_nil
|
48
|
+
session_id = cookies['_session_id']
|
49
|
+
|
50
|
+
get '/call_reset_session'
|
51
|
+
response.must_be :success?
|
52
|
+
headers['Set-Cookie'].wont_equal []
|
53
|
+
|
54
|
+
get '/get_session_value'
|
55
|
+
response.must_be :success?
|
56
|
+
response.body.must_equal 'foo: nil'
|
57
|
+
|
58
|
+
get '/get_session_id'
|
59
|
+
response.must_be :success?
|
60
|
+
response.body.wont_equal session_id
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should be able to read session id without accessing the session hash" do
|
64
|
+
get '/set_session_value'
|
65
|
+
response.must_be :success?
|
66
|
+
cookies['_session_id'].wont_be_nil
|
67
|
+
session_id = cookies['_session_id']
|
68
|
+
|
69
|
+
get '/get_session_id'
|
70
|
+
response.must_be :success?
|
71
|
+
response.body.must_equal session_id
|
72
|
+
end
|
73
|
+
|
74
|
+
it "should auto-load unloaded class" do
|
75
|
+
with_autoload_path "session_autoload_test" do
|
76
|
+
get '/set_serialized_session_value'
|
77
|
+
response.must_be :success?
|
78
|
+
cookies['_session_id'].wont_be_nil
|
79
|
+
end
|
80
|
+
|
81
|
+
with_autoload_path "session_autoload_test" do
|
82
|
+
get '/get_session_id'
|
83
|
+
assert_response :success
|
84
|
+
end
|
85
|
+
|
86
|
+
with_autoload_path "session_autoload_test" do
|
87
|
+
get '/get_session_value'
|
88
|
+
response.must_be :success?
|
89
|
+
response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
it "should not resend the cookie again if session_id cookie is already exists" do
|
94
|
+
get '/set_session_value'
|
95
|
+
response.must_be :success?
|
96
|
+
cookies['_session_id'].wont_be_nil
|
97
|
+
|
98
|
+
get '/get_session_value'
|
99
|
+
response.must_be :success?
|
100
|
+
headers['Set-Cookie'].must_be_nil
|
101
|
+
end
|
102
|
+
|
103
|
+
it "should prevent session fixation" do
|
104
|
+
get '/get_session_value'
|
105
|
+
response.must_be :success?
|
106
|
+
response.body.must_equal 'foo: nil'
|
107
|
+
session_id = cookies['_session_id']
|
108
|
+
|
109
|
+
reset!
|
110
|
+
|
111
|
+
get '/set_session_value', :_session_id => session_id
|
112
|
+
response.must_be :success?
|
113
|
+
cookies['_session_id'].wont_equal session_id
|
114
|
+
end
|
115
|
+
|
116
|
+
it "should write the data with expiration time" do
|
117
|
+
get '/set_session_value_with_expiry'
|
118
|
+
response.must_be :success?
|
119
|
+
|
120
|
+
get '/get_session_value'
|
121
|
+
response.must_be :success?
|
122
|
+
response.body.must_equal 'foo: "bar"'
|
123
|
+
|
124
|
+
sleep 1
|
125
|
+
|
126
|
+
get '/get_session_value'
|
127
|
+
response.must_be :success?
|
128
|
+
response.body.must_equal 'foo: nil'
|
129
|
+
end
|
130
|
+
end
|
@@ -0,0 +1,130 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
|
4
|
+
it "reads the data" do
|
5
|
+
get '/set_session_value'
|
6
|
+
response.must_be :success?
|
7
|
+
cookies['_session_id'].wont_be_nil
|
8
|
+
|
9
|
+
get '/get_session_value'
|
10
|
+
response.must_be :success?
|
11
|
+
response.body.must_equal 'foo: "bar"'
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should get nil session value" do
|
15
|
+
get '/get_session_value'
|
16
|
+
response.must_be :success?
|
17
|
+
response.body.must_equal 'foo: nil'
|
18
|
+
end
|
19
|
+
|
20
|
+
it "should delete the data after session reset" do
|
21
|
+
get '/set_session_value'
|
22
|
+
response.must_be :success?
|
23
|
+
cookies['_session_id'].wont_be_nil
|
24
|
+
session_cookie = cookies.send(:hash_for)['_session_id']
|
25
|
+
|
26
|
+
get '/call_reset_session'
|
27
|
+
response.must_be :success?
|
28
|
+
headers['Set-Cookie'].wont_equal []
|
29
|
+
|
30
|
+
cookies << session_cookie
|
31
|
+
|
32
|
+
get '/get_session_value'
|
33
|
+
response.must_be :success?
|
34
|
+
response.body.must_equal 'foo: nil'
|
35
|
+
end
|
36
|
+
|
37
|
+
it "should not send cookies on write, not read" do
|
38
|
+
get '/get_session_value'
|
39
|
+
response.must_be :success?
|
40
|
+
response.body.must_equal 'foo: nil'
|
41
|
+
cookies['_session_id'].must_be_nil
|
42
|
+
end
|
43
|
+
|
44
|
+
it "should set session value after session reset" do
|
45
|
+
get '/set_session_value'
|
46
|
+
response.must_be :success?
|
47
|
+
cookies['_session_id'].wont_be_nil
|
48
|
+
session_id = cookies['_session_id']
|
49
|
+
|
50
|
+
get '/call_reset_session'
|
51
|
+
response.must_be :success?
|
52
|
+
headers['Set-Cookie'].wont_equal []
|
53
|
+
|
54
|
+
get '/get_session_value'
|
55
|
+
response.must_be :success?
|
56
|
+
response.body.must_equal 'foo: nil'
|
57
|
+
|
58
|
+
get '/get_session_id'
|
59
|
+
response.must_be :success?
|
60
|
+
response.body.wont_equal session_id
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should be able to read session id without accessing the session hash" do
|
64
|
+
get '/set_session_value'
|
65
|
+
response.must_be :success?
|
66
|
+
cookies['_session_id'].wont_be_nil
|
67
|
+
session_id = cookies['_session_id']
|
68
|
+
|
69
|
+
get '/get_session_id'
|
70
|
+
response.must_be :success?
|
71
|
+
response.body.must_equal session_id
|
72
|
+
end
|
73
|
+
|
74
|
+
it "should auto-load unloaded class" do
|
75
|
+
with_autoload_path "session_autoload_test" do
|
76
|
+
get '/set_serialized_session_value'
|
77
|
+
response.must_be :success?
|
78
|
+
cookies['_session_id'].wont_be_nil
|
79
|
+
end
|
80
|
+
|
81
|
+
with_autoload_path "session_autoload_test" do
|
82
|
+
get '/get_session_id'
|
83
|
+
assert_response :success
|
84
|
+
end
|
85
|
+
|
86
|
+
with_autoload_path "session_autoload_test" do
|
87
|
+
get '/get_session_value'
|
88
|
+
response.must_be :success?
|
89
|
+
response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
it "should not resend the cookie again if session_id cookie is already exists" do
|
94
|
+
get '/set_session_value'
|
95
|
+
response.must_be :success?
|
96
|
+
cookies['_session_id'].wont_be_nil
|
97
|
+
|
98
|
+
get '/get_session_value'
|
99
|
+
response.must_be :success?
|
100
|
+
headers['Set-Cookie'].must_be_nil
|
101
|
+
end
|
102
|
+
|
103
|
+
it "should prevent session fixation" do
|
104
|
+
get '/get_session_value'
|
105
|
+
response.must_be :success?
|
106
|
+
response.body.must_equal 'foo: nil'
|
107
|
+
session_id = cookies['_session_id']
|
108
|
+
|
109
|
+
reset!
|
110
|
+
|
111
|
+
get '/set_session_value', :_session_id => session_id
|
112
|
+
response.must_be :success?
|
113
|
+
cookies['_session_id'].wont_equal session_id
|
114
|
+
end
|
115
|
+
|
116
|
+
it "should write the data with expiration time" do
|
117
|
+
get '/set_session_value_with_expiry'
|
118
|
+
response.must_be :success?
|
119
|
+
|
120
|
+
get '/get_session_value'
|
121
|
+
response.must_be :success?
|
122
|
+
response.body.must_equal 'foo: "bar"'
|
123
|
+
|
124
|
+
sleep 1
|
125
|
+
|
126
|
+
get '/get_session_value'
|
127
|
+
response.must_be :success?
|
128
|
+
response.body.must_equal 'foo: nil'
|
129
|
+
end
|
130
|
+
end
|